No video :(

How to Configure rsyslog in Linux | What the Pros Know | ITProTV

Подписаться 157 тыс.

Просмотров 42 тыс.

50% 1

Configuring syslog is an important administrative and security task for Linux administration. Rsyslog is a relatively quick and easy way of enabling syslogging in your Linux environment and in this video Daniel will show you how.
Subscribe to get the latest videos: go.itpro.tv/su...
Start your Linux training free! go.itpro.tv/st...
Connect with Daniel Lowrie:
/ daniel-lowrie-77315259
Enjoying this show? Get access to more online IT skills and certification training from ITProTV. Home of binge-worthy learning, ITProTV offers teams and individuals 4000+ hours of engaging & effective on-demand video training for the latest technology skills. Watch live or on-demand daily. Start learning free at ITProTV: go.itpro.tv/st...
#linuxrsyslog #syslogging #configurersyslog

Опубликовано:

15 авг 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 22

@Rickety3263 3 года назад

QUESTION: Don't you think it's more appropriate to put modifications in the /etc/rsyslog.d directory? System updates are likely to overwrite your conf file causing a security nightmare, plus in a multi-user environment with more than 1 admin, it's more transparent what changes to the logging rules have been implemented on that particular system. I could be wrong here? Please reply :)

@alecfagan9753 3 года назад

Template text in case anyone would like to copy and paste :) $template remote-incoming-logs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log" *.* ?remote-incoming-logs & ~

@HestnetIT 3 года назад

Thanks. This is what I need to fill in some of the gaps. I couldn't get that command working to test the config file though.

@roscioa 2 года назад

So question. What about if you are running selinux? I keep trying to figure out how to write a policy to allow rsyslogd access to the audit logs. Any help would be appreciated. A video would be epic!

@h1ghpower Год назад

Nice one man! Just a quick question: I have installed and configured rsyslog (works now to receive logs via UDP from a client), not I would like to include TLS encrypted traffic as well, and I wanted to know how to do this the easy way? Should I install syslog-ng and set up things again all over? Or can I activate TLS on this rsyslog server? Also, will it be necessary to delete rsyslog if I install syslog-ng for this? Thanks!

@pietroaretino6390 3 года назад

Thanks for the help on this, good video straight to the point. Question: Does rsyslog know how to handle FQDN rather than IP? My rsyslog server is behind a NAT and I am using dynamic dns to get to my rsyslog server, while my client server is out on a public IP address? Is this possible?

@ITProTv 3 года назад

Thanks for watching! Unfortunately, I can't answer your questions because I'm not sure. I would consult the rsyslog documentation for a definite answer.

@haniefharun 3 года назад

how if I want to send other logs, for example: application logs which are in different folder. let say they are in /apps/logs/*. I want to send them all to syslog server. I know how to send them one by one. acces.log, error.log, bla bla bla..but how to send them all logs in the same folder.

@silasschmidt7852 3 года назад

Hi, great Video and thx for your explanation. I did all the configuration like you but all of my clients write also in the /etc/var/syslog from my remotelog Server. This is´nt what i want. It is possible to make some filter rules with ":msg,contains,"netfilter - dropped " /var/log/iptables.log & ~ " in /etc/rsyslog.conf but it doesn´t work. Do you have any idea how to solve my Problem? Thx

@dukken1986 3 года назад

Thank you so much mate. This was just awesome

@ITProTv 3 года назад

Thanks for watching!

@Xaiff 4 года назад

This vid made me realize I learn more from watching rather than reading myself.. :)

@ITProTv 4 года назад

We all have different styles of learning. Glad you're enjoying the video!

@vjrodrigolinux 4 года назад

Great explanation!

@ITProTv 4 года назад

Glad it was helpful!

@rachelsokol8002 3 года назад

The template is causing error for me. How do i set up the template variable in my environment?

@ITProTv 3 года назад

If you are asking if TorGhost is anonymizing all of the traffic that is passing through the router, INCLUDING all the traffic from all other devices connected to the router, then the answer is no. TorGhost only anonymizes all the network traffic of the device that TorGhost is running on as per the documentation at the github repo. Nmap traffic may not work well with TorGHost as it attempts to.... "...disable(s) unsafe packets exiting the system. Some packets like ping request can compromise your identity." - github.com/SusmithKrishnan/torghost If you have a technical question about TorGhost, I would recommend messaging TorGhost's creator and maintainer. His contact info can be found at his github page.

@BrianThomas 3 года назад

Nice video. How do we get notifications when event takes place?

@ITProTv 3 года назад

Try this: www.rsyslog.com/doc/v8-stable/configuration/modules/ommail.html

@CPalanysamy 3 года назад

using nano is punk rock

@arunrmyt 3 года назад

How to load modules like kafka and send logs into kafka ? Appreciate a quick video if you have time.

@MagnumCarta 3 года назад

Use the 'omkafka' module. Make sure to set up the broker with the broker's IP address otherwise it will default to localhost:9092. rsyslog.readthedocs.io/en/latest/configuration/modules/omkafka.html